ansi-regex 6.1.0 → 6.2.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/index.js +8 -4
- package/package.json +1 -1
- package/readme.md +6 -0
package/index.js
CHANGED
|
@@ -1,10 +1,14 @@
|
|
|
1
1
|
export default function ansiRegex({onlyFirst = false} = {}) {
|
|
2
2
|
// Valid string terminator sequences are BEL, ESC\, and 0x9c
|
|
3
3
|
const ST = '(?:\\u0007|\\u001B\\u005C|\\u009C)';
|
|
4
|
-
|
|
5
|
-
|
|
6
|
-
|
|
7
|
-
|
|
4
|
+
|
|
5
|
+
// OSC sequences only: ESC ] ... ST (non-greedy until the first ST)
|
|
6
|
+
const osc = `(?:\\u001B\\][\\s\\S]*?${ST})`;
|
|
7
|
+
|
|
8
|
+
// CSI and related: ESC/C1, optional intermediates, optional params (supports ; and :) then final byte
|
|
9
|
+
const csi = '[\\u001B\\u009B][[\\]()#;?]*(?:\\d{1,4}(?:[;:]\\d{0,4})*)?[\\dA-PR-TZcf-nq-uy=><~]';
|
|
10
|
+
|
|
11
|
+
const pattern = `${osc}|${csi}`;
|
|
8
12
|
|
|
9
13
|
return new RegExp(pattern, onlyFirst ? undefined : 'g');
|
|
10
14
|
}
|
package/package.json
CHANGED
package/readme.md
CHANGED
|
@@ -46,6 +46,12 @@ Default: `false` *(Matches any ANSI escape codes in a string)*
|
|
|
46
46
|
|
|
47
47
|
Match only the first ANSI escape.
|
|
48
48
|
|
|
49
|
+
## Important
|
|
50
|
+
|
|
51
|
+
If you run the regex against untrusted user input in a server context, you should [give it a timeout](https://github.com/sindresorhus/super-regex).
|
|
52
|
+
|
|
53
|
+
**I do not consider [ReDoS](https://blog.yossarian.net/2022/12/28/ReDoS-vulnerabilities-and-misaligned-incentives) a valid vulnerability for this package.**
|
|
54
|
+
|
|
49
55
|
## FAQ
|
|
50
56
|
|
|
51
57
|
### Why do you test for codes not in the ECMA 48 standard?
|